Chief Hacks Around With Google

A reader asked me months ago to talk about the threat of 'Google Hacking' to an organization, and asked if I used 'Google Hacking' in any of my risk assessments.

In short: hell yes. If you're not attempting to do any type of reconnaissance with Google on your organization or clients, you're setting yourself up for a very unwelcome surprise down the road.

What is 'Google Hacking'? In short, it is using the Google search engine (http://www.google.com) like any other tool in your toolkit (nmap, nessus, etc.) to look for vulnerabilities in systems. Google is used for nearly 50% of all web searches on the internet. Sip some coffee and let that statistic sink in for a moment.

I'm going to give you three very important examples of how you can use Google in risk assessment activities. There are too many ways to list them all here, so I would encourage you to pick up a book or two on the subject. Chief Hacks Around With Google